Security Alert

Cyber Security Awareness Month – Why DUO?

The University of Alabama now has more than 40,000 DUO users. To better understand the need for DUO, this week we’re sharing facts about what we’re doing to protect UA against cyber attacks. 

Cyber Map

More than 9,100 student accounts at The University of Alabama have been compromised in the last four years. In most instances, the compromised account occurred because of phishing attempts and weak passwords. Passwords are simply not strong enough to protect the sensitive data held within myBama accounts.

OIT implemented DUO to add a second layer of security to myBama accounts. With DUO, cyber attackers cannot gain access to your myBama account unless they have your username, your password and your DUO-registered device.

The University of Alabama also blocks 105,000 cyber attacks each and every minute. These attacks originate from across the globe. Hackers want the sensitive data held within your myBama account. Protect your myBama account against attacks and phishing emails with DUO two-factor authentication. Get started at duo.ua.edu.

October is National Cyber Security Awareness Month. OIT will be posting cyber safety information throughout the month. For more information about Cyber Security Awareness Month, visit The National Cyber Security Alliance’s website https://staysafeonline.org.

Oct. 10, 2017 Phishing Attempt

Tuesday, October 10, 2017, many UA employees received a phishing email with the subject title “RE: Microsoft outlook account unusual sign-in activity”

This is a phishing attempt designed to obtain sensitive user data, like your myBama username and password, and possibly infect your system with malicious code. If you haven’t already, please delete the email.

If you did receive this email, and you did click on the link in the email to provide any sensitive information, please promptly change your myBama password and activate DUO at duo.ua.edu. Please contact the IT Service Desk with questions and concerns 205-348-5555 or itsd@ua.edu.

Oct 10 Phishing Attempt

Equifax Cyber Breach: What You Need to Know

Mass cyber breaches, like the recent Equifax security breach, can be intimidating and alarming. In this week’s cyber security tip, we provide tips for users affected by commercial cyber breaches.

Cyber Breaches - What you should know

In situations like the Equifax cyber breach, it is best to follow the news and recommendations from the organization affected. However, there are a few additional things that you can do to better protect your credit score and your online identity.

  • One tip is to establish a credit freeze with all four credit agencies – Equifax, Transunion, Experian and Innovis. By initiating a credit freeze, or security freeze, you will restrict access to your credit report, making it more difficult for identity thieves to open up new accounts in your name. A credit freeze does not impact your credit score. You may simply contact each credit reporting company to establish the freeze. Sometimes there is a fee for this service, but it is usually $10 or less.
  • You also should regularly monitor your credit and your online banking accounts to ensure their security.
  • Regularly change your passwords, and, if it is offered, use two-factor authentication. Many banking and investing websites have employed two-factor authentication to better protect their users.

October is National Cyber Security Awareness Month. OIT will be posting cyber safety tips throughout the month. For more information about Cyber Security Awareness Month, visit the National Cyber Security Alliance’s website https://staysafeonline.org.

Oct. 4 Student Phishing Attempt

Thursday, October 4, 2017, many UA students received a phishing email with the subject title “Important Notice” or “Important Mail Notice”

This is a phishing attempt designed to obtain sensitive user data, like your myBama username and password, and possibly infect your system with malicious code. If you haven’t already, please delete the email.

If you did receive this email, and you did click on the link in the email to provide any sensitive information, please promptly change your myBama password and activate DUO at duo.ua.edu. Please contact the IT Service Desk with questions and concerns 205-348-5555 or itsd@ua.edu.

Below are screenshots of the emails.

Phishing Attempt

 

phishing attempt

September 14 Phishing Attempt

Thursday, September 14, 2017, many UA students, faculty and staff received a phishing email with the subject title “Your account has been queued for deletion”

This is a phishing attempt designed to obtain sensitive user data and possibly infect your system with malicious code. If you haven’t already, please delete the email.

If you did receive this email, and you did click on the link in the email to provide any sensitive information, please promptly change your myBama password and activate DUO at duo.ua.edu. Please contact the IT Service Desk with questions and concerns 205-348-5555 or itsd@ua.edu.

 

Screenshot of phishing attempt

Sept. 6 Phishing Attempt

Wednesday, September 6, 2017, many UA students, faculty and staff received a phishing email with the subject title “request closed”

This is a phishing attempt designed to obtain sensitive user data and possibly infect your system with malicious code. If you haven’t already, please delete the email.

If you did receive this email, and you did click on the link in the email to provide any sensitive information, please promptly change your myBama password and activate DUO at duo.ua.edu. Please contact the IT Service Desk with questions and concerns 205-348-5555 or itsd@ua.edu.

Phishing Attempt Screenshot

August 22 Phishing Attempt

Tuesday, August 22, 2017, many UA students, faculty and staff received a phishing email with the subject title “Hello”

This is a phishing attempt designed to obtain sensitive user data and possibly infect your system with malicious code. If you haven’t already, please delete the email.

If you did receive this email, and you did click on the link in the email to provide any sensitive information, please promptly change your myBama password and activate DUO at duo.ua.edu. Please contact the IT Service Desk with questions and concerns 205-348-5555 or itsd@ua.edu.

Below is a screenshot of the email.

August 17 Phishing Attempt

Thursday, August 17, 2017, many UA students, faculty and staff received a phishing email with the subject title “Case ID-A0722JB verification”

This is a phishing attempt designed to obtain sensitive user data and possibly infect your system with malicious code. If you haven’t already, please delete the email.

If you did receive this email, and you did click on the link in the email to provide any sensitive information, please promptly change your myBama password and activate DUO at duo.ua.edu. Please contact the IT Service Desk with questions and concerns 205-348-5555 or itsd@ua.edu.

Below is a screenshot of the email.

 

DUO Required for Direct Deposit Self Service

Effective August 1, 2017, all UA employees are required to use DUO Two Factor Authentication to access their online, self-service direct deposit banking information on myBama. DUO provides a secure avenue for UA employees to access direct deposit information from both on and off campus.

Because it requires two factors to verify an employee’s identity, DUO adds a second layer of security to myBama accounts. These factors include something you know – your username and password, and something that you have – a smartphone, landline phone or passcode, to authenticate and grant access to an account.  By requiring DUO to access direct deposit self-service banking information is to protect the myBama credentials of UA faculty, staff and students from remote attackers to ensure account security.

To activate your DUO account, visit www.duo.ua.edu. Users should follow the screen prompts and choose their preferred authentication type. Users can utilize a smartphone, a landline phone or passcodes. For more information, step-by-step instructions, and a complete tutorial, please visit www.oit.ua.edu/duo.

July 28 Phishing Attempt

Friday, July 28, 2017, many UA students, faculty and staff received a phishing email with the subject title “IT ALERT: Exchange 2017”

This is a phishing attempt designed to obtain sensitive user data and possibly infect your system with malicious code. If you haven’t already, please delete the email.

If you did receive this email, and you did click on the link in the email to provide any sensitive information, please promptly change your myBama password and activate DUO at duo.ua.edu. Please contact the IT Service Desk with questions and concerns 205-348-5555 or itsd@ua.edu.

Below is a screenshot of the email.